Users are more concerned about their online privacy than ever before. Data leaks, surveillance threats and dubious marketing techniques have caused many users and governments to ask; what are websites using our data for? Don’t we have a right to know? Many have said yes. This is where your website’s privacy policy comes in. Every website needs a privacy policy. In this blog post, we’ll discuss what this is, why it’s required, and how to create one to protect your site.
What is a Privacy Policy?
A privacy policy is a legal document available on your website stating what information you collect from visitors and how you collect, use, store, manage and share it. This includes information that users enter themselves, such as that entered on an online contact form or newsletter sign-up, as well as information tracked in the background, like information tracked by cookies.
Do All Websites Need a Privacy Policy?
All websites need a privacy policy. Privacy policies are required under a number of laws throughout the world. Keep in mind, these laws protect the rights of consumers in these areas. So, even if you do not reside in these areas, you are obligated to protect the laws of these residents. The global nature of the internet makes it impossible to keep some visitors out and let others in, based on geography. Therefore, every website should have a privacy policy.
The following is an incomplete list of rules that require a privacy policy:
- United States: California Online Privacy Protection Act of 2003 (CalOPPA)
- European Union: General Data Protection Regulation (GDPR)
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and the
- Australia: Privacy Act of 1988
Many online services also require websites to have a privacy policy. This means, in order to use any of these applications on your site, you must have a privacy policy.
The following is an incomplete list of applications that require a privacy policy:
- Google services, including Analytics, Adwords, Play Store etc.
- Twitter lead generation services
- Facebook or Instagram ads
- Apple App Store
If your website uses cookies or collects any other kind of data, or uses modern online marketing or advertising tools, you need a privacy policy. If your website doesn’t do any of these things, is it effective?
What Should My Privacy Policy Say?
Your privacy policy should include a few key aspects, but it does not have to be a complex or confusing legal document. The main goal of your privacy policy is to explain what data you gather and how you use, share and store this data. You will also need a clause specifically covering children’s data (minors 13 years old and under), to comply with the Children’s Online Privacy Protection Rule (COPPA).
Your privacy policy should include at least the following:
- Do Not Track clause: Some browsers can block tracking from services like Google Adwords, among others. A Do Not Track clause states how your website handles Do Not Track signals.
- Google Analytics use: If you use Google Analytics, Google requires that you state this, explain how you collect this data, and that you use cookies.
- Google Adwords use: If you use Google Adwords, you’ll need to explain how you use web visitors’ data to display ads, show specific content, and how users can opt out of this tracking.
- Cookies: Your privacy policy must explain your use of cookies for tracking user behavior (this may be already explained by the previous additions to your privacy policy).
Business information: List your business name, address and contact information in your policy. - Information you collect: List all the information you collect, and what you use this for. This includes information provided by the user on a form, forum post, or other submission, as well as background information, like demographics, browser, location, etc.
- Your reasons for collecting information: List why you collect the data that you collect, and how this information affects a user’s experience.
- Third party sharing: If you share data with Google Analytics, AdSense, or other tools, you must list this.
- Opt-out: List how users can remove their data. This might mean updating their preferences, subscription details, or something else.
How Do I Create a Privacy Policy?
This can seem like a lot of information to put in your privacy policy, but don’t worry. There are ways to easily create a comprehensive privacy policy. This will not only provide transparency for your customers and visitors, but it will also protect you from liability.
Termaggedon
This may be the easiest way to add a privacy policy to your website. With some information about your business and your website, Termaggedon will create a privacy policy for you. Once this policy has been created, you can simply add it to a page on your site. *
Compare Other Privacy Policies
Obviously, you don’t want to copy your competitors privacy policy exactly. Not only would this be plagiarism, but your tools and your use of user data might not be the same. However, this can be a good place to start. Privacy policies must be publicly available, so you can take a look at your competitors’ or partners’ policies to see what information you should include and how it should be formatted.
Consult With Your Team
Talk to your legal team and technology team when working on your privacy policy. This is a good idea even if you’ve already created a policy using Termaggedon, or you already have a policy and you’re updating it.
Keep Your Privacy Policy Updated
If you already have a privacy policy, it’s tempting to consider the box checked and move on. However, your privacy policy should change and evolve as your website and marketing strategy, as well as the legal landscape, evolve. When you make changes to your website, add tools to your marketing strategy, or notice new online privacy laws, you’ll want to reassess your privacy policy. When you make these changes, you should update clients and subscribers to let them know.
Your privacy policy is a legal requirement and a requirement for transparency. Once your privacy policy is completed and on your site, both you and your web visitors can enjoy peace of mind. Remember that your privacy policy doesn’t have to be overly complex; you should simply state what data you collect from users and why. With this in mind, you can simplify this process, and create a policy that users understand.
*There are a handful of DIY privacy policy generators available. Web Ascender personally uses Termaggedon and has a referral relationship with them; However, you should evaluate your options and choose what is best for your organization.